Garak: Securing AI Systems

Hi, I’m Luke Johnson, and I’m on a mission to help secure AI as it evolves into a critical part of our world. In this post, I’ll share my journey exploring Garak, a powerful tool for uncovering vulnerabilities in large language models (LLMs), alongside practical insights for anyone looking to enhance their AI security skills. This isn’t just an introduction to Garak—it’s also a reflection on my own journey, step by step. We should never stop learning, I’m right here with you!

What is Garak, and Why Does It Matter?

Garak is an open-source vulnerability scanner designed to probe LLMs for weaknesses like prompt injection, data leakage, and misinformation. It operates systematically, using plugins and thousands of prompts to uncover hidden risks. If you’re working with LLMs—or planning to—you need tools like Garak in your arsenal to identify potential security flaws before they become real-world problems.

For instance, one of the most common issues Garak highlights is prompt injection, where an attacker manipulates a model’s response by injecting malicious inputs. Understanding and mitigating these risks is crucial for deploying AI responsibly.

How to Get Started with Garak

If you’re new to tools like Garak, here’s a simple roadmap to dive in:

1. Set Up the Basics: Join Garak’s Discord community to access resources and ask questions. Give @AISecurityLuke a shout if you join!

2. Understand Your Goals: Are you testing for specific vulnerabilities like data leakage, or do you want to benchmark your model against industry standards? Defining your objectives will help you make the most of Garak’s capabilities.

3. Run Your First Scan: Start small. Use one of the provided plugins or a sample dataset to get a feel for how Garak operates.

4. Analyze the Results: Garak’s reports highlight vulnerabilities in clear, actionable terms. Use this feedback to adjust your model or workflow to reduce risks.

These steps can help you hit the ground running, whether you’re an experienced practitioner or just beginning your journey into AI security.

My Journey in AI Security

A quick intro about me: I’m a machine learning enthusiast in the middle of a graduate course / bootcamp that’s helping me sharpen my data science and ML engineering skills. I’ve been working with Jupyter notebooks to practice hands-on problem-solving recently for that course - it’s a ton of fun flexing the muscles now that they’re starting to develop! At the same time, I’m building a low/no-code social media automation tool using Make.com integrated with ChatGPT’s 4o-mini model. This project not only streamlines my content distribution but also gives me practical experience applying AI tools.

My fascination with AI security runs deeper, though. I’m currently developing a prompt engineering library and revisiting an informal guide I wrote on prompt engineering—a practical take on how to create effective AI instructions. To refine these skills further, I’ve been taking a red teaming class with Sander Schulhoff at Learn Prompting. This class explores adversarial tactics for identifying and addressing vulnerabilities, a perfect complement to tools like Garak.

Why AI Security Is Everyone’s Responsibility

Tools like Garak make it easier to test for vulnerabilities, but they’re only as effective as the people using them. By learning to identify risks and applying tools systematically, we can build AI systems that are safer and more resilient. Whether you’re an engineer, a researcher, or just curious about the field, start with tools like Garak and invest in building your understanding of prompt design, data security, and adversarial testing.

Final Thoughts

This is more than my first blog post—it’s the start of my attempt to add to what I hope is a greater conversation about how we approach AI security as individuals and as a community. If you’re just getting started, take the first step with tools like Garak. And if you’re further along, I’d love to hear your thoughts and experiences. We need to stay curious and connected. I genuinely think that if we can work together for a future where AI is both innovative and secure, all of humanity can benefit. I’ll share my journey, and hopefully we can learn together.